Install Windows 11 in a VM on VMware Workstation or ESXi

• Author
• Recent Posts

Brandon Lee

Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Latest posts by Brandon Lee (see all)

• ManageEngine OpManager: Comprehensive monitoring for on-prem, cloud, and containers - Thu, Mar 23 2023
• Install K3s, a lightweight, production-grade Kubernetes distro - Mon, Mar 20 2023
• VMware NSX Advanced Load Balancer: Installation and configuration - Fri, Mar 10 2023

With Windows 11, Microsoft has upped the security requirements out of the box. Therefore, the PC must have a TPM device present to install the operating system. It seems the early release copies of Windows 11 didn't require this. However, the GA media now checks for the TPM module and, if not installed, throws an error.

This PC cant run Windows 11 error message

In general, Windows 11 requires the hardware listed below to run, as documented by Microsoft. It can easily be provided on virtual hardware. Issues installing Windows 11 seem to arise primarily when a TPM device isn't found on older computers or the CPU is outdated. You can read the detailed requirements here.

In both VMware Workstation and VMware vSphere ESXi, there is a process for adding a virtual TPM device to the virtual machine.

VMware Workstation

At the time of this writing, VMware Workstation has no option for Windows 11. However, you can choose Windows 10 and later X64 here, and it works fine.

Choosing an operating system for Windows 11 installation in VMware Workstation 1

Before adding the virtual TPM device, we must encrypt the VMware Workstation VM. To do this, navigate to the Virtual Machine Settings > Access Control > Encryption section. Click the Encrypt button.

To use a virtual TPM the VM must be encrypted 1

Next, under the Options > Advanced configuration, ensure the virtual machine is configured for UEFI > Enable secure boot.

Make sure the VM is set to UEFI and secure boot 1

Now, on the Virtual Machine Settings > Hardware tab, click Add. Choose the Trusted Platform Module, and click Finish.

Add the virtual TPM to the Windows 11 VM in VMware Workstation 1

After encrypting the hard disk and adding the TPM device, you can mount the ISO media and install Windows 11 in VMware Workstation without error.

VMware ESXi

Installing Windows 11 on a VMware vSphere ESXi VM is similar to VMware Workstation. When creating a new Windows 11 virtual machine in VMware ESXi, the VM needs to be encrypted to use the virtual TPM. In step 4, Select storage in the new virtual machine wizard, select the Encrypt this virtual machine checkbox.

Encrypt the virtual machine for Windows 11 in VMware ESXi

To encrypt a virtual machine in VMware vSphere, you must have a key provider configured. With VMware vSphere 7 Update 2, you can use the built-in Native Key Provider to support virtual machine encryption without needing a third-party provider.

You can configure/view the integrated Key Provider configuration under the properties of your vCenter Server in vSphere Client > Configure > Key Providers.

Using the Native Key Provider in VMware ESXi 1

To create a new VMware vSphere ESXi Windows 11 VM, in step 6, Select a guest OS, select Microsoft Windows 10 (64-bit). As of VMware vSphere 7.0 Update 3c, as in VMware Workstation, there is still no option for Windows 11. However, choosing Windows 10 works fine.

Select the guest OS version 1

On the Virtual Hardware tab of the Customize hardware screen, you need to select Add new device > Trusted Platform Module.

Your physical ESXi host does not need to have a physical TPM 2.0 chip installed before you have the option of adding the virtual TPM. However, without a physical TPM 2.0 chip in the ESXi host, you can't implement other security recommendations, such as host attestation.

Adding the TPM to the Windows 11 VMware ESXi VM

After finishing the creation of the virtual machine, the installation of Windows 11 begins without error and proceeds as expected.

Windows 11 installation begins in VMware ESXi without error 1

Conclusion

Installing Windows 11 in VMware Workstation and VMware ESXi is relatively straightforward. You can satisfy the hardware requirements in both platforms by encrypting the hard disks and adding the virtual TPM device.

Having a physical TPM device installed in the VMware Workstation or VMware ESXi host is not required to install Windows 11, since VMware can create a virtual vTPM 2.0 device. However, a physical TPM is required for host attestation and other advanced security implementations.